CWE-601 (URL Redirection to Untrusted Site (Open Redirect)) — Vulnerability Class 712

712 vulnerabilities classified as CWE-601 (URL Redirection to Untrusted Site (Open Redirect)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3872 | Keycloak: keycloak: information disclosure due to redirect_uri validation bypass — Red Hat build of Keycloak 26.2 | 7.3 | High | 2026-04-02 |
| CVE-2026-2475 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container | 3.1 | Low | 2026-04-01 |
| CVE-2024-58342 | XenForo Open Redirect via getDynamicRedirect — XenForo | 6.3 | Medium | 2026-04-01 |
| CVE-2026-32113 | Discourse: Open redirect via `sso_destination_url` cookie in `enter` — discourse | 6.4 | - | 2026-03-31 |
| CVE-2026-4799 | Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests — Search Guard FLX | 4.3 | Medium | 2026-03-31 |
| CVE-2026-33885 | Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential — cms | 6.1 | Medium | 2026-03-27 |
| CVE-2026-33868 | Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>' — mastodon | 4.3 | Medium | 2026-03-27 |
| CVE-2026-33397 | Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass — angular-cli | 6.1 | - | 2026-03-26 |
| CVE-2026-1166 | Open Redirect Vulnerability in Hitachi Ops Center Administrator — Hitachi Ops Center Administrator | 4.3 | Medium | 2026-03-25 |
| CVE-2026-33296 | AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php — AVideo | 6.1 | - | 2026-03-22 |
| CVE-2026-29105 | SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture — SuiteCRM | 5.4 | Medium | 2026-03-19 |
| CVE-2026-2376 | Mirror-registry: quay: quay: server-side request forgery via open redirect vulnerability in web interface — mirror registry for Red Hat OpenShift | 4.9 | Medium | 2026-03-12 |
| CVE-2026-32235 | @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass — plugin-auth-backend | 5.9 | Medium | 2026-03-12 |
| CVE-2026-3824 | WellChoose\|IFTOP - Open redirect — IFTOP | 6.1 | Medium | 2026-03-11 |
| CVE-2026-21295 | Adobe Commerce \| URL Redirection to Untrusted Site ('Open Redirect') (CWE-601) — Adobe Commerce | 3.1 | Low | 2026-03-11 |
| CVE-2026-31819 | Sylius has an Open Redirect via Referer Header — Sylius | 6.1 AI | Medium AI | 2026-03-10 |
| CVE-2026-28512 | Pocket ID: OAuth redirect_uri validation bypass via userinfo/host confusion — pocket-id | 7.1 | High | 2026-03-09 |
| CVE-2026-29067 | ZITADEL: Account Takeover Due to Improper Instance Validation in V2 Login — zitadel | 8.1 | High | 2026-03-07 |
| CVE-2026-28106 | WordPress B2BKing Premium plugin < 5.4.20 - Open Redirection vulnerability — B2BKing Premium | 4.7 | Medium | 2026-03-06 |
| CVE-2026-28681 | IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links — irrd | 8.1 | High | 2026-03-06 |
| CVE-2026-28413 | Products.isurlinportal: Possible open redirect when using more than 2 forward slashes — Products.isurlinportal | 5.3 | Medium | 2026-03-05 |
| CVE-2026-27982 | allauth-django input validation error vulnerability — django-allauth | 6.1 | - | 2026-03-05 |
| CVE-2026-25477 | AFFiNE: Open Redirect via Regex Bypass in redirect-proxy — AFFiNE | 5.4 AI | Medium AI | 2026-03-02 |
| CVE-2026-27738 | Angular SSR has an Open Redirect via X-Forwarded-Prefix — angular-cli | 6.1 AI | Medium AI | 2026-02-25 |
| CVE-2026-27736 | BigBlueButton has Open Redirect vulnerability in ApiController — bigbluebutton | 6.1 | Medium | 2026-02-25 |
| CVE-2026-28194 | JetBrains TeamCity input validation error vulnerability — TeamCity | 4.3 | Medium | 2026-02-25 |
| CVE-2026-24847 | OpenEMR has Open Redirect in Eye Exam Form — openemr | 6.1 | Medium | 2026-02-25 |
| CVE-2026-3049 | horilla-opensource horilla Query Parameter global_search.py get redirect — horilla | 4.3 | Medium | 2026-02-24 |
| CVE-2026-27191 | Feathers: Open Redirect in OAuth callback enables account takeover — feathers | 8.1 AI | High AI | 2026-02-21 |
| CVE-2025-71244 | SPIP < 4.4.5 Open Redirect via Login Form — SPIP | 6.1 | Medium | 2026-02-19 |

Vulnerabilities classified as CWE-601 (URL Redirection to Untrusted Site (Open Redirect)) represent 712 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.